path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* o Fix filemon and bmake meta-mode stability issues. [EN-16:01] (Gleb Smirnoff, 2016-01-14, 1 file, -2/+4)
  o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]
  o Fix YP/NIS client library critical bug. [EN-16:03.yplib]
  o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp]
  o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp]
  o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux]
  o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux]
  o Fix TCP MD5 signature denial of service. [SA-16:05.tcp]
  o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd]
  Errata: FreeBSD-EN-16:01.filemon
  Errata: FreeBSD-EN-16:02.pf
  Errata: FreeBSD-EN-16:03.yplib
  Security: FreeBSD-SA-16:01.sctp, CVE-2016-1879
  Security: FreeBSD-SA-16:02.ntp, CVE-2015-5300
  Security: FreeBSD-SA-16:03.linux, CVE-2016-1880
  Security: FreeBSD-SA-16:04.linux, CVE-2016-1881
  Security: FreeBSD-SA-16:05.tcp, CVE-2016-1882
  Security: FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677
  Approved by: so
  Notes: svn path=/releng/10.2/; revision=293893
* Fix patch(1) shell injection vulnerability. [SA-15:14] (Xin LI, 2015-07-28, 3 files, -42/+27)
  Fix resource exhaustion in TCP reassembly. [SA-15:15]
  Fix OpenSSH multiple vulnerabilities. [SA-15:16]
  Approved by: re (so blanket)
  Notes: svn path=/releng/10.2/; revision=285978
* MFC r284941: (Hiren Panchasara, 2015-07-22, 1 file, -0/+24)
  Avoid a situation where we do not set persist timer after a zero window condition. If you send a 0-length packet, but there is data in the socket buffer, and neither the rexmt nor persist timer is already set, then activate the persist timer.
  PR: 192599
  Approved by: re (delphij)
  Notes: svn path=/stable/10/; revision=285793
* Fix resource exhaustion due to sessions stuck in LAST_ACK state. (Xin LI, 2015-07-21, 1 file, -2/+9)
  Security: CVE-2015-5358
  Security: SA-15:13.tcp
  Submitted by: Jonathan Looney (Juniper SIRT)
  Approved by: re (so blanket)
  Notes: svn path=/stable/10/; revision=285778
* MFC r285567: (Patrick Kelsey, 2015-07-21, 1 file, -0/+1)
  Check TCP timestamp option flag so that the automatic receive buffer scaling code does not use an uninitialized timestamp echo reply value from the stack when timestamps are not enabled.
  Approved by: re (gjb)
  Notes: svn path=/stable/10/; revision=285762
* MFC r284512: Properly handle locking on the ARP protocol request sending. (Ermal Luçi, 2015-06-24, 1 file, -3/+12)
  Notes: svn path=/stable/10/; revision=284776
* MFC r284596: (Michael Tuexen, 2015-06-22, 1 file, -9/+16)
  When setting the primary address, return an error whenever it fails.
  Notes: svn path=/stable/10/; revision=284693
* MFC r284526: (Michael Tuexen, 2015-06-20, 1 file, -3/+6)
  Fix a bug related to flow assignment I introduced in https://svnweb.freebsd.org/base?view=revision&revision=275483
  Notes: svn path=/stable/10/; revision=284634
* MFC r284515: (Michael Tuexen, 2015-06-20, 11 files, -45/+62)
  Add FIB support for SCTP. This fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200379
  PR: 200379
  Notes: svn path=/stable/10/; revision=284633
* MFC r266420 (by adrian) (Hiren Panchasara, 2015-06-19, 2 files, -0/+2)
  Ensure that the flowid hashtype is assigned to the inp if the flowid is also assigned.
  Spotted by: gallatin
  Tested by: gallatin
  Notes: svn path=/stable/10/; revision=284603
* MFC r284393: (Michael Tuexen, 2015-06-17, 1 file, -9/+16)
  Correctly detect the case where the last address is removed.
  Notes: svn path=/stable/10/; revision=284507
* MFC r284384: (Michael Tuexen, 2015-06-17, 1 file, -0/+1)
  Stop the heartbeat timer when removing a net. Thanks to the reporter of https://code.google.com/p/sctp-refimpl/issues/detail?id=14 for reporting the issue.
  Notes: svn path=/stable/10/; revision=284505
* MFC r280991: (Hans Petter Selasky, 2015-06-17, 1 file, -8/+11)
  Extend fixes made in r278103 and r38754 by copying the complete packet header and not only partial flags and fields. Firewalls can attach classification tags to the outgoing mbufs which should be copied to all the new fragments. Else only the first fragment will be let through by the firewall. This can easily be tested by sending a large ping packet through a firewall. It was also discovered that VLAN related flags and fields should be copied for packets traversing through VLANs. This is all handled by "m_dup_pkthdr()". Regarding the MAC policy check in ip_fragment(), the tag provided by the originating mbuf is copied instead of using the default one provided by m_gethdr().
  Tested by: Karim Fodil-Lemelin <fodillemlinkarim at gmail.com>
  Sponsored by: Mellanox Technologies
  PR: 7802
  Notes: svn path=/stable/10/; revision=284496
* MFC r284332: (Michael Tuexen, 2015-06-16, 1 file, -2/+2)
  Fix the reporting of the PMTUD state for specific paths.
  Notes: svn path=/stable/10/; revision=284440
* MFC r284331: (Michael Tuexen, 2015-06-16, 1 file, -68/+45)
  Code cleanup.
  Notes: svn path=/stable/10/; revision=284439
* MFC r284326: (Michael Tuexen, 2015-06-16, 1 file, -2/+11)
  In case of an output error, continue with the next net, don't try to continue sending on the same net. This fixes a bug where an invalid mbuf chain was constructed, if a full size frame of control chunks should be sent and there is an output error. Based on a discussion with rrs@, change move to the next net. This fixes the bug and improves the behaviour. Thanks to Irene Ruengeler for spending a lot of time in narrowing this problem down.
  Notes: svn path=/stable/10/; revision=284438
* MFC r284245: (Julien Charbon, 2015-06-11, 2 files, -15/+45)
  Fix a callout race condition introduced in TCP timers callouts with r281599. In TCP timer context, it is not enough to check callout_stop() return value to decide if a callout is still running or not, previous callout_reset() return values have also to be checked.
  Notes: svn path=/stable/10/; revision=284261
* MFC r283988: (Michael Tuexen, 2015-06-08, 2 files, -1/+7)
  Export a pointer to the SCTP socket. This is needed to add SCTP support to sockstat.
  Notes: svn path=/stable/10/; revision=284150
* MFC r279236: (Ian Lepore, 2015-06-06, 1 file, -1/+1)
  Change struct attribute to avoid aligned operations mismatch. Previous __alignment(4) allowed the compiler to assume that operations are performed on an aligned region. On ARM processors, this led to an alignment fault.
  Notes: svn path=/stable/10/; revision=284099
* MFC r276148: (Andrey V. Elsukov, 2015-06-06, 3 files, -53/+5)
  Remove in_gif.h and in6_gif.h files. They only contain function declarations used by gif(4). Instead declare these functions in C files. Also make some variables static.
  MFC r276215: Extern declarations in C files lose compile-time checking that the functions' calls match their definitions. Move them to header files.
  Notes: svn path=/stable/10/; revision=284072
* MFC r274246: (Andrey V. Elsukov, 2015-06-06, 2 files, -281/+97)
  Overhaul if_gre(4). Split it into two modules: if_gre(4) for GRE encapsulation and if_me(4) for minimal encapsulation within IP.
  gre(4) changes:
  * convert to if_transmit;
  * rework locking: protect access to softc with rmlock, protect from concurrent ioctls with sx lock;
  * correct interface accounting for outgoing datagrams (count only payload size);
  * implement generic support for using IPv6 as delivery header;
  * make implementation conform to the RFC 2784 and partially to RFC 2890;
  * add support for GRE checksums - calculate for outgoing datagrams and check for incoming datagrams;
  * add support for sending sequence number in GRE header;
  * remove support of cached routes. This fixes a problem where gre(4) doesn't work at system startup. But this also removes support for having tunnels with the same addresses for inner and outer header.
  * deprecate support for various GREXXX ioctls, that aren't used in FreeBSD. Use our standard ioctls for tunnels.
  me(4):
  * implementation conforms to RFC 2004;
  * use if_transmit;
  * use the same locking model as gre(4);
  PR: 164475
  MFC r274289 (by bz): gcc requires variables to be initialised in two places. One of them is correctly used only under the same conditional though. For module builds properly check if the kernel supports INET or INET6, as otherwise various mips kernels without IPv6 support would fail to build.
  MFC r274964: Add ip_gre.h to ObsoleteFiles.inc.
  Notes: svn path=/stable/10/; revision=284066
* MFC r271918 (by hrs): (Andrey V. Elsukov, 2015-06-05, 1 file, -4/+4)
  - Virtualize interface cloner for gre(4). This fixes a panic when destroying a vnet jail which has a gre(4) interface.
  - Make net.link.gre.max_nesting vnet-local.
  Notes: svn path=/stable/10/; revision=284018
* MFC r275392: (Andrey V. Elsukov, 2015-06-02, 2 files, -38/+1)
  Remove route caching support from ipsec code. It hasn't been used for some time.
  * remove sa_route_union declaration and route_cache member from struct secashead;
  * remove key_sa_routechange() call from ICMP and ICMPv6 code;
  * simplify ip_ipsec_mtu();
  * remove #include <net/route.h>;
  Sponsored by: Yandex LLC
  Notes: svn path=/stable/10/; revision=283901
* MFC r282965: (Andrey V. Elsukov, 2015-05-31, 1 file, -3/+9)
  Add an ability to accept encapsulated packets from different sources by one gif(4) interface. Add new option "ignore_source" for gif(4) interface. When it is enabled, gif's encapcheck function requires a match only for the packet's destination address.
  Differential Revision: https://reviews.freebsd.org/D2004
  Sponsored by: Yandex LLC
  Notes: svn path=/stable/10/; revision=283852
* MFC r283691: (Michael Tuexen, 2015-05-31, 1 file, -2/+0)
  Remove printf() noise...
  Notes: svn path=/stable/10/; revision=283830
* MFC r283666: (Michael Tuexen, 2015-05-31, 1 file, -25/+74)
  Report the MTU consistently as specified in https://tools.ietf.org/html/rfc6458 Thanks to Irene Ruengeler for helping me to fix this bug.
  Notes: svn path=/stable/10/; revision=283829
* MFC r283665: (Michael Tuexen, 2015-05-31, 1 file, -14/+18)
  Take source and destination address into account when determining the scope. This fixes a problem when a client with a global address connects to a server with a private address. Thanks to Irene Ruengeler for helping me to find the issue.
  Notes: svn path=/stable/10/; revision=283828
* MFC r283664: (Michael Tuexen, 2015-05-31, 2 files, -12/+0)
  Retire SCTP_DONT_DO_PRIVADDR_SCOPE which was never defined.
  Notes: svn path=/stable/10/; revision=283827
* MFC r283662: (Michael Tuexen, 2015-05-31, 2 files, -5/+10)
  Fix a bug where messages would not be sent in SHUTDOWN_RECEIVED state. This problem was reported by Mark Bonnekessel and Markus Boese. Thanks to Irene Ruengeler for helping me to fix the cause of the problem. It can be tested with the following packetdrill script:
    +0.0 socket(..., SOCK_STREAM, IPPROTO_SCTP) = 3
    +0.0 fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
    +0.0 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
    // Check the handshake with an empty(!) cookie
    +0.1 connect(3, ..., ...) = -1 EINPROGRESS (Operation now in progress)
    +0.0 > sctp: INIT[flgs=0, tag=1, a_rwnd=..., os=..., is=..., tsn=0, ...]
    +0.1 < sctp: INIT_ACK[flgs=0, tag=2, a_rwnd=10000, os=1, is=1, tsn=0, STATE_COOKIE[len=4, val=...]]
    +0.0 > sctp: COOKIE_ECHO[flgs=0, len=4, val=...]
    +0.1 < sctp: COOKIE_ACK[flgs=0]
    +0.0 getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
    +0.0 write(3, ..., 1024) = 1024
    +0.0 > sctp: DATA[flgs=BE, len=1040, tsn=0, sid=0, ssn=0, ppid=0]
    +0.0 write(3, ..., 1024) = 1024
    // Pending due to Nagle
    +0.0 < sctp: SHUTDOWN[flgs=0, cum_tsn=0]
    +0.0 > sctp: DATA[flgs=BE, len=1040, tsn=1, sid=0, ssn=1, ppid=0]
    +0.0 < sctp: SACK[flgs=0, cum_tsn=1, a_rwnd=10000, gaps=[], dups=[]]
    // Do we need another SHUTDOWN here?
    +0.0 > sctp: SHUTDOWN_ACK[flgs=0]
    +0.0 < sctp: SHUTDOWN_COMPLETE[flgs=0]
    +0.0 close(3) = 0
  Notes: svn path=/stable/10/; revision=283826
* MFC r283658: (Michael Tuexen, 2015-05-31, 1 file, -14/+17)
  Use macros for overhead in a consistent way. No functional change. Thanks to Irene Ruengeler for suggesting the change.
  Notes: svn path=/stable/10/; revision=283825
* MFC r283654: (Michael Tuexen, 2015-05-31, 1 file, -10/+20)
  Some more debug info cleanup.
  Notes: svn path=/stable/10/; revision=283823
* MFC r283650: (Michael Tuexen, 2015-05-31, 10 files, -105/+167)
  Fix and cleanup the debug information. This has no user-visible changes. Thanks to Irene Ruengeler for providing a patch.
  Notes: svn path=/stable/10/; revision=283822
* MFC r283648: (Michael Tuexen, 2015-05-31, 3 files, -9/+11)
  Address some compiler warnings. No functional change.
  Notes: svn path=/stable/10/; revision=283821
* MFC r282810: (Michael Tuexen, 2015-05-29, 1 file, -1/+2)
  Ensure that the COOKIE-ACK can be sent over UDP if the COOKIE-ECHO was received over UDP. Thanks to Felix Weinrank for making me aware of the problem and to Irene Ruengeler for providing the fix.
  Notes: svn path=/stable/10/; revision=283741
* MFC r282042: (Michael Tuexen, 2015-05-29, 1 file, -9/+2)
  Don't panic under INVARIANTS when receiving a SACK which cumacks a TSN never sent. While there, fix two typos.
  Notes: svn path=/stable/10/; revision=283740
* MFC r280714: (Michael Tuexen, 2015-05-29, 2 files, -20/+4)
  Improve the selection of the destination address of SACK chunks. This fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196755 and is joint work with rrs@.
  Notes: svn path=/stable/10/; revision=283736
* MFC r280642: (Michael Tuexen, 2015-05-29, 1 file, -2/+2)
  Make sure that we don't free an SCTP shared key too early. Thanks to Pouyan Sepehrdad from Qualcomm Product Security Initiative for reporting the issue.
  Notes: svn path=/stable/10/; revision=283734
* MFC r280634: (Michael Tuexen, 2015-05-29, 1 file, -1/+1)
  Use the reference count of the right SCTP inp. Joint work with rrs@
  Notes: svn path=/stable/10/; revision=283733
* MFC r280459: (Michael Tuexen, 2015-05-29, 2 files, -8/+9)
  Fix two bugs which resulted in a screwed up end point list:
  * Use a safe way to walk through a list while manipulating it.
  * Have the appropriate locks in place.
  Joint work with rrs@
  Notes: svn path=/stable/10/; revision=283732
* MFC r280440: (Michael Tuexen, 2015-05-29, 1 file, -3/+5)
  Fix the bug in the handling of fragmented abandoned SCTP user messages reported in https://code.google.com/p/sctp-refimpl/issues/detail?id=11 Thanks to Lally Singh for reporting it.
  Notes: svn path=/stable/10/; revision=283731
* MFC r280439: (Michael Tuexen, 2015-05-29, 1 file, -6/+2)
  Fix an accounting bug related to the per stream chunk counter. While there, don't refer to a net artificially.
  Notes: svn path=/stable/10/; revision=283730
* MFC r280404: (Michael Tuexen, 2015-05-29, 1 file, -13/+11)
  When an ICMP message is received and the MTU shrinks, only mark outstanding chunks for retransmissions.
  Notes: svn path=/stable/10/; revision=283729
* MFC r280371: (Michael Tuexen, 2015-05-29, 1 file, -2/+0)
  Remove a useless assignment.
  Notes: svn path=/stable/10/; revision=283728
* MFC r279886: (Michael Tuexen, 2015-05-29, 1 file, -16/+16)
  Fix the adaptation of the path state when thresholds are changed using the SCTP_PEER_ADDR_THLDS socket option.
  Notes: svn path=/stable/10/; revision=283727
* MFC r279867: (Michael Tuexen, 2015-05-29, 1 file, -8/+12)
  Keep track on the socket lock state. This fixes a bug showing up on Mac OS X.
  Notes: svn path=/stable/10/; revision=283726
* MFC r279863: (Michael Tuexen, 2015-05-29, 1 file, -0/+1)
  Unlock the stcb when using setsockopt() for the SCTP_PEER_ADDR_THLDS option.
  Notes: svn path=/stable/10/; revision=283725
* MFC r279859: (Michael Tuexen, 2015-05-29, 9 files, -11/+104)
  Add a SCTP socket option to limit the cwnd for each path.
  Notes: svn path=/stable/10/; revision=283724
* MFC r279841: (Michael Tuexen, 2015-05-29, 1 file, -1/+1)
  Fix a typo.
  Notes: svn path=/stable/10/; revision=283723
* MFC r277815: (Michael Tuexen, 2015-05-29, 1 file, -1/+0)
  Whitespace change.
  Notes: svn path=/stable/10/; revision=283722
* MFC r277424: (Michael Tuexen, 2015-05-29, 1 file, -0/+14)
  Remove comparisons which are not necessary. With manual intervention.
  Reported by: Coverity
  CID: 1237826, 1237844, 1237847
  Notes: svn path=/stable/10/; revision=283721